Exploit the possiblities

WordPress ResAds 1.0.1 Cross Site Scripting

WordPress ResAds 1.0.1 Cross Site Scripting
Posted Oct 6, 2015
Authored by Iberia Medeiros

WordPress ResAds plugin version 1.0.1 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-7667
MD5 | f7be5d3747f5f988dd39ce94e7843e27

WordPress ResAds 1.0.1 Cross Site Scripting

Change Mirror Download
Vulnerability title: Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin
CVE: CVE-2015-7667
Vendor: WordPress web-mv
Product: ResAds
Affected version: 1.0.1
Fixed version: 1.0.2
Reported by: Ibéria Medeiros

Vulnerability Details:
=====================
It was discovered that no protection against multiple reflected XSS attacks was implemented, resulting in an attacker being able to retrive user data from end user, such as session cookies.

The ResAds version 1.0.1 WordPress plugin is vulnerable to 2 reflected XSS vulnerabilities.
The templates/admanagement/admanagement.php and templates/adspot/adspot.php files are vulnerable to Cross-site.scripting (XSS) attacks via $_REQUEST['page'] parameter.

System affected:
===============
Any system that access to a web site developed by WordPress CMS version 4.3.1 or earlier and uses the ResAds version 1.0.1.

Advisory:
========
https://wordpress.org/plugins/resads/changelog/

Solution:
========
Update to ResAds version 1.0.2 plugin.
https://wordpress.org/plugins/resads/

Disclosure Timeline:
===================
Vendor notification: September 27, 2015
Vendor fixed vulnerability: September 29, 2015
Public advisory: September 29, 2015
Public disclosure: October 4, 2015

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    16 Files
  • 20
    Feb 20th
    11 Files
  • 21
    Feb 21st
    3 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close